It depends on the size of what you do… Sure full stack at Netflix sounds impossible… And everyone is a specialist in the service he manages.. but probably some are full stack at the level of their service…

CMSs that use dynamic code in the frontend tend to rely on that functionality. Maybe not the core product but many of the plugins needed do.

Static Sites are just a frontend, and you could generate a static site from WordPress if you wanted to…

You don’t want to do that, believe me! I had to implement exactly this a few months ago. The pain of having to manually figure out which files were missed by the export plugin to manually add them is big. Trying to teach people that most plugins won’t work because code will not be executed for each request seems to be in vain. They happily install whatever might solve their problem and then complain that stuff isn’t working as expected on the static version, forcing me to try to implement that functionality on the webserver level, should that even be possible.

I would of course not use WordPress as backend for my static site… But there are many excellent headless that you can use for that. Strapi, CloudCMS, Contentful, Kentico Cloud, etc.

I personally use Cloud CMS.

I agree that if your users are used to WordPress, and that they have freedom to add plugins etc, that is not a viable solution. What I meant with my comment is that a static site is your frontend, a CMS is where you maintain content, or where you are supposed to maintain content.

But CMS have grown to become monsters that supposedly do everything… Like shops etc.

What I advocate in the company I work for is “content as a micro service” where your CMS is used only to create and manage content and not to manage the design, the shop, etc.

I’ve used StanfordNLP’s NER on a project previously (we literally just needed NER and some date recognition, no sentiment/etc) and while we got it to work, the amount of work required to get it to a usable stage felt like overkill - it didn’t help that I had to delve back into java to get a usable http interface for it.

I am doing NER with spaCy, classification with TensorFlow. I am also experimenting with prodi.gy, a tool that is developed by the same guys as spaCy and offers an easy interface to work with. For now I still have some issues with my own word vectors (4M words); I have some buffer overflows that I do not yet understand.

I find the idea nice, but I do not understand what it does exactly. OK, the projector is able to recognise a piece of paper and print the output of the code on top of it. But do you really need to print the code on the paper? It seems not right?

It’s obvious to anyone running a business that GDPR is a massive pain in the ass, and a huge threat. 20M euros in fines will destroy any medium-sized company too.

Oh but if a company is fined under GDPR, surely that means it deserved to die, right? Good riddance! .. To any valuable products or services it provided, and good riddance to all the jobs it had created too!

The GDPR has been successfully sold to the masses, as something that will supposedly prevent sleazy ad companies from invading your privacy. But do you really think Google will be invading it any less than before?

What about governments then? Do you think intelligence agencies will spy on you less?

This is the main reason why GDPR is such a fucking farce. They tell you they’re protecting your privacy, while invading it as much as they possibly can.

What about governments then? Do you think intelligence agencies will spy on you less?

Nope, since GDPR is primarily about working with commercial entities rather than clandestine government agencies.

But do you really think Google will be invading it any less than before?

I expect them to comply with the law.

I also expect companies will pop up with low-cost solutions to deal with user data, similarly to how PCI regulation created an industry for payment providers to come up and handle that aspect of the transaction. Cloud providers can offer userdata bases that are encrypted and architecture for it. And designing a new system for GDPR is not super challenging; the important parts of the law tend to be pretty straightforward.

As someone who was involved in implementing GDPR at a company, I believe the law is a good first iteration. I’m sure we’ll find that some things in it are irrelevant and some things in it are harmful, but I believe in pushing for privacy.

Do you have an alternative? You’ve consistently commented on GDPR being a bad idea and implied, but not outright said, that it will have no effect. Is your suggestion that we should just drop the idea and let companies do what they want? Do you have a suggestion for alternative legislation?

I also expect companies will pop up with low-cost solutions to deal with user data

Don’t want to deal with the VAT-MESS? -Oh no problem! You just pay someone else to take care of that bullshit.

Don’t want to deal with the GDPR? -Oh no biggie. There’s a service to deal with that bullshit.

But a burden is still a burden, even if you pay someone else to deal with it, and there’s a limit to the burdens a business can bear.

I suspect the real goal of all these new burdensome regulations is to gradually cull small (and even medium) sized businesses, as part of a drive to centralize our societies ever further, so that we’re all easier to rule over.

I believe the law is a good first iteration. I’m sure we’ll find that some things in it are irrelevant and some things in it are harmful, but I believe in pushing for privacy.

It’s far from a good first iteration. They’re threatening one-man companies with 20M EUR fines for not complying with rules that are basically impossible to fully comply with. That’s not something to cheer for, and that doesn’t happen by accident - genuinely retarded people don’t get to a position where they’re writing EU-wide laws.

People keep telling us we’ll just have to wait and see how the law will be interpreted. That sounds vaguely benign, but what that means in the real world is observing which companies get destroyed for which arbitrary/political reasons.

It’s a bit like waiting to see who gets executed for wearing the kind of clothes the Emperor doesn’t happen to like. Is there no problem once everyone knows what kind of clothes he’s unhappy with?

Do you have an alternative? You’ve consistently commented on GDPR being a bad idea and implied, but not outright said, that it will have no effect.

How about “no onerous bullshit legislation”? Of course it will have effects, and they’ll be a massive net negative. How about tens of thousands of companies not wasting time researching and complying with onerous bullshit legislation, and concentrating on providing valuable goods and services instead?

Even if GDPR actually makes some privacy-invading scumbags call it a day, it’s not even meant to do anything about the police states budding everywhere.

Pretty much everyone on this forum is intimately familiar how the people running governments operate.. so why are you seemingly fine with.. well, anything governments do?

Even if GDPR actually makes some privacy-invading scumbags call it a day, it’s not even meant to do anything about the police states budding everywhere.

You keep on bringing up government surveillance but GDPR does not have anything to do with that. It’s a fine fight to have but it’s not related to this particular discussion, there are other laws and legislation around government agencies.

How about “no onerous bullshit legislation”?

This is an entirely unactionable suggestion. One person’s onerous bullshit legislation is another’s opportunity. There is no meaningful way to turn this useless platitude into a working economic system.

I am not actually working for GRAKN, which is not a service but a database. I built a proof of concept for the company I work for. I had considered neo4j for the task but found GRAKN better suited. GRAKN did appreciate my proof of concept and asked me to publish my paper.

At who I am speaking about Cloud CMS an actual CMS we have implemented where I work, but I am speaking generally about API first CMS’s and the benefits they can bring to a company, especially if you need to publish to different channels.

I guess our saboteurs do it unconsciously, or at least I would hope so. But it is really interesting to see that those techniques are really applied today… Especially the channel one. My guess is that it is also out of laziness or lack of balls, as decisions can be offloaded and/or postponed.

Generally backups are done daily and expire over time. GDPR requires that a user deleting itself is effective within 30 days, so this can be solved by expiring backups after 30 days.

Fair point - that’s really only a slight complication.

Depending on what marketing is doing, often aggregates are sufficient. I’m not sure how often marketing needs personally identifiable information.

Marketing don’t like being beholden to another team to produce their aggregates, but this is much more of an organizational problem than a technical one. Given the size of the fines I think the executive team will solve it.

Again, aggregates are usually sufficient here. But to do more one probably does need to build specialized data pipeline jobs that know how to decrypt the data for the job.

Fraud prevention is similar in difficulty to infosec, and it can hit margins pretty hard.

There are generally two phases: detecting likely targets, and gathering sufficient evidence.

For instance, I worked on a site where you could run a contest with a cash prize. Someone was laundering money through it by running lots of competitions and awarding their sockpuppets (which was bad for our community since they kept trying to enter the contests).

The first sign something was wrong came from complaints that obviously-bad entries were winning contests.
We found similarities between the contest holder accounts and sockpuppet accounts by comparing their PII.

Then, we queried everyone’s PII to find out how often they were doing this, and shut them down. I’m not clear how we could have done this without decrypting every record at once (I suppose we could have done it to an ephemeral DB and then shut it down after querying).

Customer support

For instance, lots of companies use (eg) ZenDesk to help keep track of their dealings with customers. This can end up holding information from emails, phone systems, Twitter messages, Facebook posts, letters, etc.

This stuff isn’t going to be encrypted per-user unless each of your third-party providers happens to also use the technique.

Summary: It’s not a complete technique, but you’ve gotten past my biggest objections and I could see it making the problem tractable.

Good question though: what happens if a citizen of the EU uses his right to be forgotten? Does the user have a shiny “permanently forget me” button? The account deletion feature seems to fall a bit short of that?

Actually you are wrong… as you have to make sure that user’s data is portable, meaning that it can be exported and transferred to someone else, and you cannot keep data if you do not need it… You also have to be able to show what data you have about the user… so if you cannot decrypt what you have to show the user… you are not compliant.

Those are two separate requirements of GDPR, and being able to export a user’s data in a reusable format is only required if they haven’t asked for their data to be deleted.

I think you’re missing a key part. If a user asks for their account to be deleted, you don’t need to be able to make their data portable anymore, you just need to get rid of it. If you delete the encryption key for your user’s data, you can no longer decrypt any data you have on a user - which means legally you don’t have that data. There is nothing to show the user, or make portable.
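The per-user-key deletion discussed in the comments above, sketched as an added example that is not part of the original thread. The `keyStore` map and `backup` array are hypothetical in-memory stand-ins, and the sketch assumes the real key store is kept out of the long-lived backups, otherwise deleting a key erases nothing.

```javascript
// Added example: crypto-shredding with one AES-256-GCM key per user.
const crypto = require('node:crypto');

const keyStore = new Map();   // userId -> key; assumed to live OUTSIDE backup rotation
const backup = [];            // stands in for long-lived backups (ciphertext only)

function storeRecord(userId, plaintext) {
  if (!keyStore.has(userId)) keyStore.set(userId, crypto.randomBytes(32));
  const iv = crypto.randomBytes(12);              // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', keyStore.get(userId), iv);
  cipher.setAAD(Buffer.from(userId));             // bind the record to its owner
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const rec = { userId, iv, ct, tag: cipher.getAuthTag() };
  backup.push(rec);
  return rec;
}

function readRecord(rec) {
  const key = keyStore.get(rec.userId);
  if (!key) return null;                          // key erased: ciphertext is unreadable
  const d = crypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  d.setAAD(Buffer.from(rec.userId));
  d.setAuthTag(rec.tag);
  return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
}

// Access / portability request: decrypt everything held for the user.
function exportUser(userId) {
  return backup.filter(r => r.userId === userId).map(readRecord);
}

// Erasure request: destroy only the key; the backups are never rewritten.
function forgetUser(userId) {
  const key = keyStore.get(userId);
  if (key) key.fill(0);                           // best-effort zeroing in memory
  return keyStore.delete(userId);
}

// Constructed sample data.
storeRecord('alice', 'alice@example.com');
storeRecord('bob', 'bob@example.com');
```

Note that the record still carries `userId` in the clear so the key can be looked up; a real schema would need that identifier to be a pseudonymous value rather than PII.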

What I like with GRAKN is that they allow the use of hypergraphs and inferences on top of it in a very easy and straightforward way. Do you know of any resources on isomorphic search in hypergraphs? (Sorry, I did not look for it.)

Nothing specifically for hypergraphs AFAIK, but then am no expert. There are several methods for ordinary graphs which one can use as a starting point, good summary is here. Wish I read it before I started my pet project that makes use of HGs. Ended up basically re-inventing neighbourhood signature pruning, a la GraphQL. However I don’t have enough theoretical training to claim it’s the best approach.

@itamarst dude, time to step it up. There’s not much content here, and this is a clickbaity blogspam title. The article doesn’t offer much - one time this thing happened to you, and a nice thing to do when you make software is iterate?

Probably being a bit harsh, but I don’t come to lobste.rs for articles that are short, sugary and don’t particularly contribute anything other than ‘bad things are bad, good things are good’ with no exploration or development or original content.

Your article also doesn’t provide any evidence that what you’re espousing does produce success. Your correct way isn’t actually a success story, it’s a figment of your imagination. It might be correct but there is no way to know based on this article. Maybe your correct way would have resulted in 6mo - 1yr delay for other reasons.

No, but I implemented a program per “the right way” [1]. It’s written in Lua using LPeg (because of the amount of parsing involved) and it has proved to be “mostly fast enough.” It’s only recently (the past two months out of 18 months in production) that a performance issue has popped up (because traffic to the service has vastly increased) and the issue only happens intermittently (and usually doesn’t last long—by the time it’s alarmed, it’s over). Not a bad thing really, as the code is straightforward and easy to work on [2].

[1] It was intended to be a proof-of-concept (at least in my mind), only it ended up in production, without anyone informing me (long story).

[2] Thank God Lua has coroutines. It makes writing network code much nicer, as it’s imperative instead of a nest of callbacks with logic spread out all over the place.

I agree the article is a bit thin, but it’s true. The way I’ve heard it described is doing a vertical slice of an entire feature, rather than horizontally filling out your implementation. The end user features have to drive the architecture and not the other way around.

Another way to think about it is to do end-to-end tests first; don’t write tests for internal interfaces which will undoubtedly change based on contact with the real world.

I also think that ‘vertical slices’ can be simpler to implement. Here though it seems that some kind of messaging protocol had to be implemented. It seems, at least to me, complicated to slice it vertically, mostly as everything should work together. No?

Yes, I think you mean it’s silly to slice it horizontally if you really need the end-to-end messaging; doing it vertically is obvious. I think the advice is obvious in most circumstances, but I guess in a big organization you can fall into the trap of “well this team will just implement the interface, and then we’ll build to that interface”.

But that doesn’t really work… Well, you might be able to brute force it, but the result will be suboptimal (buggy, hard to maintain, perform badly). A better approach is to have a small team to build out the end-to-end proof of concept, and then split up the work with a more stable architecture.

Certain architectural decisions are almost set in stone from the beginning, and very hard to change later.